- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 01/09/2006.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1,2,4,9-11,16,18-20,24,25,28-33 and 35-54 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [X] Claim(s) 30 and 31 is/are allowed.

6) [X] Claim(s) 1,2,4,9-11,16,18-20,24,25,28-33 and 35-54 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

3) Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08), Paper No(s)/Mail Date 08/11/2005.
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other:

DETAILED ACTION

1. Claims 3,5-8,12-15,17,21-23,26-27 and 34 have been cancelled. Claims
1-2,4,9-11,16,18-20,24-25,28-33 have been amended. Claims 35-54 have been added.
Claims 1-2,4,9-11,16,18-20,24-25,28-33, and 35-54 are pending.

Response to Arguments 

2. Applicant's arguments with respect to claims 1,4,9-11,16,18-20,24,25,28-29,32-33,35-54
have been considered but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out 
and distinctly claiming the subject matter which the applicant regards as his 
invention. 

4. Claims is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. 

5. The term "a specified scheme" in claims 1,2,24,35-36 and 45-46 renders the
claim indefinite. The term "a specified scheme" is not defined by the claim, the
specification does not provide a standard for ascertaining the requisite degree, and one
of ordinary skill in the art would not be reasonably apprised of the scope of the claim.
Applicant is advised to define "specified scheme" in the claims to particularly point out
and distinctly claim the subject matter which applicant regards as the invention.

Application/Control Number: 10/052,279
Art Unit: 2136

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1,2,4,10-11,16,18-20,24,25,32,33,35-54 are rejected under 35 U.S.C.
103(a) as being unpatentable over Brustoloni (Pub No: US 2002/0046348 A1) in view of
Kivinen et al. (hereinafter referred to as Kivinen), US 6,957,346 B1.

8. As per claims 1,24-25,32-33,35: method/product/apparatus for facilitating Internet
security protocol (IPsec) based communications through a device that employs address
translation in a telecommunications network, the method comprising the steps of:
receiving a first electronic message from a first node, wherein the first electronic
message is based on IPsec and is associated with a first identifier (col 3 lines 7-14 and
col 7 lines 51-60); the first identifier is generated by the first node (col 7 lines 51-60);
and the first electronic message is addressed to a second network address (col 3 lines
7-14, see Fig 1a); the device generating a value based on the first identifier and a
specified scheme (col 7 lines 61 through col 8 line 7); sending the first electronic
message to a second node based on the second network address, wherein the first
electronic message includes a particular network address that is associated with the
device instead of the first network address (col 3 lines 7-14, see Fig 1a); receiving a
second electronic message from the second node, wherein the second electronic message
is based on IPsec (col 9 lines 16- col 3 line 7-14 see Fig 3); and the second electronic
message is addressed to the particular network address (col 3 line 7-14, see Fig 1b); the
device determining whether the second electronic message is directed to the first node
based on the value and the second identifier; and sending the second electronic message
to the first node at the first network address when the second electronic message is
determined to be directed to the first node (col 3 lines 15-28 and col 7 line 60 through
col 8 line 7).

Kivinen doesn't explicitly teach the second electronic message is associated
with a second identifier that is different than the first identifier and the second identifier 
is generated based on the first identifier and the specific scheme by the second node. 

However, Brustoloni teaches the second electronic message is associated with a
second identifier that is different than the first identifier and the second identifier is
generated based on the first identifier and the specific scheme by the second node
(0013, 0029, 0044; see Fig 2). Therefore it would have been obvious to one having
ordinary skill in the art at the time the invention was made to employ the teaching
method of Brustoloni within Kivinen because it would secure the method by routing the
incoming packets from a common server to a plurality of clients that are communicating
with the server and sharing a common access link (Brustoloni, see 0028).

9. As per claims 4,37,47: the combination of Kivinen and Brustoloni teach a
method wherein the specified scheme is selected from the group consisting of a first
scheme that produces a fixed length output, a second scheme that includes a hash
algorithm, and a third scheme that includes a Message Digest 5 one-way hash function
(See Kivinen col 7 line 60 through col 8 line 7).

10. As per claims 9,38,48: the combination of Kivinen and Brustoloni teach a
method wherein: the value is a hash value (col 7 lines 61 through col 8 line 7); the
second identifier is based at least in part on the hash value (); the hash value is
comprised of a first plurality of bytes (col 7 lines 61 through col 8 line 7); the second
identifier is comprised of a second plurality of bytes (col 7 lines 61 through col 8 line 7); a
last pair of bytes of the second plurality of bytes is a first pair of bytes of the first plurality
of bytes (col 7 lines 61 through col 8 line 7); and the step of determining whether the
second electronic message is directed to the first node further comprises the steps of:
comparing the last pair of bytes of the second identifier to the first pair of bytes of the
hash value (col 7 lines 61 through col 8 line 7); and when the last pair of bytes of the
second identifier match the first pair of bytes of the hash value, determining that the
second electronic message is directed to the first node (col 7 lines 61 through col 8 line

11. As per claims 10,39,49: the combination of Kivinen and Brustoloni teach a
method wherein the first node is an IPsec originator node (See Kivinen col 7 lines 20-60
Fig 3); the second node is an IPsec responder node (See Kivinen col 7 lines 20-60
Fig 3); the first identifier is a first IPsec security parameter index (See Kivinen col 7
lines 20-60 Fig 3); the second identifier is a second IPsec security parameter index (See
Kivinen col 7 lines 20-60 Fig 3); the device employs a feature selected from the group
consisting of network address translation (NAT), dynamic address NAT, and network
address port translation (NAPT) (col 3 lines 1-28); and the method further comprises the
steps of: creating and storing a mapping between the value and the first IPsec security
parameter index (See Kivinen col 7 lines 20-60 Fig 3); creating an association
between the value and the first identifier (See Kivinen col 7 lines 20-60 Fig 3); and
storing the association in a translation table (See Kivinen col 7 lines 20-60 Fig 3).

12. As per claims 11,41,51: the combination of Kivinen and Brustoloni teach a
method as further comprising the steps of: when the second electronic message is
determined to be directed to the first node, creating an association between the first
network address and the second identifier (Kivinen col 3 lines 7-14 and col 7 lines 51-60
Fig 3); storing the association in a table (Kivinen col 3 lines 7-14 and col 7 lines
51-60 Fig 3); receiving a third electronic message from the second node, wherein the
third electronic message is based on IPsec and is associated with the second identifier;
and determining that the third electronic message is directed to the first node based on
the association (See Kivinen col 3 lines 7-14 and col 7 lines 51-60 Fig 3).

13. As per claims 18,42,52: the combination of Kivinen and
Brustoloni teach a method further comprising the steps of: receiving a third electronic
message from the second node, wherein the third electronic message is based on IPsec (See
Brustoloni Fig 3 item 301-N); the third electronic message is addressed to the specified
network address (See Fig 3 item 301-N); the third electronic message is associated with
a third identifier that is different than both the first identifier and the second
identifier (See Brustoloni Fig 3 item 301-N); the third identifier is generated based on the
first identifier and the specified scheme, by the second node (Brustoloni 0015, 0029); the
device determining whether the third electronic message is directed to the first node
based on the value and the third identifier (Brustoloni 0015, 0028-0029); and when the
third electronic message is determined to be directed to the first node, sending the third
electronic message to the first node at the first network address (Brustoloni 0028-0029).

14. As per claims 19,43,53: the combination of Kivinen and Brustoloni teach a
method wherein the step of the device generating the value is performed before the
step of receiving the second electronic message (See Kivinen col 7 lines 61 through
col 8 line 7, see Fig 3).

15. As per claims 20,44,54: the combination of Kivinen and Brustoloni teach a
method wherein the step of the device generating the value is performed after the step
of receiving the second electronic message (See Kivinen col 7 lines 61 through col 8
line 7, see Fig 3).

16. As per claims 28,29: the combination of Kivinen and Brustoloni teach an
apparatus wherein the value is a hash value, the first identifier is a first IPsec Security
Parameter Index (SPI), the second identifier is a second IPsec SPI, and the instructions
for generating the second IPsec SPI further comprises one or more stored sequences of
instructions which, when executed by the processor, cause the process to carry out the
step of generating the second IPsec SPI based on at least a first portion of the hash
value and the second portion of a second randomly generated fixed length value (See
Brustoloni 0015, 0024, 0046).

17. As per claim 50: the combination of Kivinen and Brustoloni teach an apparatus
wherein the first electronic message and the second electronic message are both based
on an IPsec feature selected from the group consisting of IPsec tunnel mode and IPsec
Encapsulation Security Payload (See Brustoloni 0046).



Allowable Subject Matter 

18. Claims 30 and 31 are allowed. The following is a statement of reasons for the
indication of allowable subject matter: Art on record fails to teach that the NAT enabled
router can determine which of two or more IPsec originator nodes to send each message
from an IPsec responder node that each of the two or more originator nodes is
communicating with. By comparing the portion of the responder node's SPI that is based
on the originator node's SPI to a hash of the SPIs of the different originator nodes to
determine to which of those originator nodes the particular responder node's message
should be sent, the NAT device can make an entry in the network address
translation table that properly associates the correct originator node to the responder
node for each security association established between originator nodes and the same
responder node.
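
The SPI comparison described in paragraphs 10 and 18, as an added Python sketch that is not taken from the application or the cited references. Assumptions: MD5 over the 4-byte big-endian originator SPI as the scheme, the function and class names, the sample addresses and SPIs (constructed), and the choice to refuse a binding when two pending originators share the same 16-bit tag.

```python
import hashlib
import struct


def spi_tag(originator_spi: int) -> bytes:
    """First pair of bytes of the MD5 hash of the originator's SPI (assumed scheme)."""
    return hashlib.md5(struct.pack("!I", originator_spi)).digest()[:2]


def make_responder_spi(originator_spi: int, random_pair: bytes) -> int:
    """Responder side: two random bytes, then the tag as the last pair of bytes."""
    if len(random_pair) != 2:
        raise ValueError("random_pair must be exactly 2 bytes")
    return struct.unpack("!I", random_pair + spi_tag(originator_spi))[0]


class SpiNat:
    """Hypothetical NAT-side state for routing inbound IPsec messages by SPI."""

    def __init__(self):
        self.pending = {}  # tag -> private addresses still waiting for a reply
        self.table = {}    # responder SPI -> private address (translation table)

    def outbound(self, private_ip: str, originator_spi: int) -> None:
        # Value is generated when the first message leaves the private side.
        self.pending.setdefault(spi_tag(originator_spi), set()).add(private_ip)

    def inbound(self, responder_spi: int):
        # Later messages on a bound SPI are routed by the stored association.
        if responder_spi in self.table:
            return self.table[responder_spi]
        # Compare the last pair of bytes of the responder SPI to pending tags.
        tag = struct.pack("!I", responder_spi)[2:]
        candidates = self.pending.get(tag, set())
        if len(candidates) != 1:
            return None  # no match, or a 16-bit tag collision: do not guess
        private_ip = next(iter(candidates))
        del self.pending[tag]
        self.table[responder_spi] = private_ip
        return private_ip


def demo():
    # Constructed sample: one originator behind the NAT, one responder reply.
    nat = SpiNat()
    nat.outbound("10.0.0.5", 0x1A2B3C4D)
    reply = make_responder_spi(0x1A2B3C4D, b"\x9f\x01")
    return nat.inbound(reply), nat.inbound(reply)


if __name__ == "__main__":
    print(demo())
```

With only 16 bits carried in the responder SPI, two originators can hash to the same tag; the sketch returns `None` in that case instead of binding the security association to the wrong host.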

Conclusion

19. Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a).

20. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

21. The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure. See PTO 892.

22. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fikremariam Yalew whose telephone number is 
5712723852. The examiner can normally be reached on 9-5. 

23. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 5712738300. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

24. Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Fikremariam Yalew Art Unit 2136

03/30/2006 





TECHNOLOGY CENTER 2100 



